As discussed in our recent blog post, on August 26, DoD published an Interim Rule that would expand the already onerous requirements of the DFARS Safeguarding Clause by broadening its application to "covered defense information" and by requiring subcontractors to report cyber incidents directly to DoD. As discussed in a separate blog post, the Interim Rule also seeks to ensure uniformity in the DoD's IT acquisition and use of cloud computing services by adding T&C's, including that, unless otherwise authorized, cloud service providers must maintain all government data within the U.S., outlying areas, or DoD premises.